Issue in Extracting Defined Names

[DissectMalware]

When interpreting defined names it is necessary to only consider the first byte of name field if the name is a built-in one.

Some malicious documents, use arbitrary label for built in defined names such as auto_open to evade analysis tools.

example: https://twitter.com/c0ntrol_z/status/1260205314193883136

ref: https://twitter.com/c0ntrol_z/status/1259967792998232073